Building Cyber Resilience in Financial Services: 6 Real-World Success Stories
Published July 13, 2026
In financial services organizations, the systems cyber attackers most want to reach are also the most critical to business operations. Meanwhile, legacy infrastructure resists change, auditors and pen testers keep finding the same gaps, and AI-driven vulnerability discovery is collapsing the time between disclosure and exploitation, so the cost of standing still keeps climbing – but simply patching faster isn’t a viable solution.
This roundup features six Zero Networks customers, spanning private credit, investment banking, wealth management, and beyond, who closed network security gaps without the operational complexity and outage risks that had stalled prior attempts.
We’ll walk through how these firms leveraged automated, identity-driven microsegmentation to secure legacy systems, enforce granular controls without breaking critical connections, mitigate recurring pen test and audit findings, and build architectures designed to contain vulnerabilities that can't yet be patched.
Legacy Complexity in Enterprise Networks: Closing Security Gaps
Inherited infrastructure is the norm in financial services and enterprise orgs. Assets accumulate across years of mergers and vendor decisions, often maintained by separate teams with no unified network visibility. This leaves security teams to face a forced trade-off: accept protection gaps, or risk operational disruptions by enforcing granular controls.
Real-World Examples
Antares Capital is one of the largest direct lenders in the US and is responsible for $60B+ in middle-market lending. Their team recognized lateral movement as a portfolio risk as much as a security risk. But disparate legacy assets made it difficult to get a complete view of the network, so the team struggled to determine which ports were actually necessary for business operations.
Similarly, La Trobe Financial’s environment had been evolving since the 1980s, leaving the security team to untangle decades of legacy complexity. As one of Australia’s leading and most trusted alternative asset managers – and responsible for securing over $20B in assets – La Trobe understood the urgent need to close legacy enterprise security gaps, but many systems were so deeply embedded in critical operations that replacing them would require years of effort and millions of dollars.
Other microsegmentation products work if you’re in a cloud native environment – if everything is modern, shiny, and new – down here in the real world, we have to deal with some pretty horrible old school protocols that don’t play nice.
- Aaron Steinke, Head of Infrastructure, La Trobe Financial
The Solution: Full Network Visibility and Agentless Integration
Antares Capital and La Trobe Financial solved their enterprise legacy complexity challenges with Zero’s deterministic automation engine and agentless approach:
- Automated discovery of all network assets and identities – including legacy systems – uncovered traffic patterns and dependencies across previously siloed environments.
- Deterministic, human-on-the-loop automation fuels policy creation and enforcement, enabling precise rules that scale protection to legacy systems without risking disruption.
- Agentless architecture deploys in minutes by leveraging native, host-based firewalls, enabling a seamless fit with legacy systems – without introducing latency.
By integrating with existing infrastructure and unlocking end-to-end network visibility, Zero Networks removed the legacy barriers that stand in the way of comprehensive microsegmentation for many financial and enterprise institutions.
As a result, Antares reached full segmentation in under three months, freeing 10+ hours a week across cloud and networking teams; La Trobe reached a security posture its team described as historically "out of reach," without a multi-year, multi-million-dollar modernization project.
Implementing Microsegmentation without Disrupting Critical Operations
Even when legacy complexity is not the primary barrier to a more robust network security posture, financial services organizations often hesitate to implement granular network segmentation for fear that it will break something – will enforcement disrupt the trading systems, client workflows, or applications the business depends on? Overly complex tools and unsustainable manual burdens can break critical connections outright or leave gaps and inconsistencies that risk continuity over time.
Real-World Examples
Baron Funds oversees ~$49B in client assets, making continuity and access integrity extremely critical. After other microsegmentation solutions broke the network, the organization was hesitant to move forward, but pen testing reinforced the need for more granular segmentation.
Evercore faced the same underlying concern. A leading global independent investment bank, Evercore needed to shut down lateral movement across a complex, high-value enterprise environment without adding operational friction or deploying intrusive agents. But traditional approaches – manual access controls, privileged group clean-up, and firewall-based segmentation – required an extraordinary amount of effort that made inconsistencies inevitable and still left exploitable pathways open.
The Solution: Deterministic Automation and Living-off-the-Land Defense
Baron Funds and Evercore confidently embraced microsegmentation by removing the manual effort, guesswork, and operational complexity of legacy solutions with Zero Networks:
- Policies are built from observed traffic and network behavior over a defined learning period, rather than manually assembled rule sets that require guesswork and introduce human error at scale.
- Deterministic, human-on-the-loop automation eliminates unsustainable manual effort without removing human judgement entirely from the equation.
- Orchestration of the native controls that already exist in today’s environments enable a non-disruptive, “living-off-the-land” defense.
[Zero Networks] actually uses technology that we already have – it’s technology that we’ve already had on the network for 20 years. For as long as we’ve had firewalls, we could have done this. We just couldn’t manage the firewall at scale. You couldn’t manage the firewall intelligently. We had every piece of the solution there – what we did not have was the brains.
- Henry Mayorga, CISO, Baron Funds
By accurately automating rules based on learned network realities and enforcing them via native controls, Zero Networks gave both organizations the confidence to enforce granular segmentation without betting business continuity on an untested rule set or an unsustainable manual process. As a result, Baron Funds reached full segmentation in 30 days with zero disruptions to network traffic; Evercore locked down lateral movement across the entire enterprise from a single platform, managed by a single part-time administrator.
As a Banking IT Manager pointed out in a Gartner Peer Insights review, the value of these results compounds at scale:
Pen Tests, Audits, and Cyber Compliance Requirements: Prioritizing and Validating Controls
Penetration tests and compliance requirements are some of the most common forcing functions for microsegmentation initiatives – especially in highly regulated industries like financial services. But pen tests and audits don’t only expose gaps to help security leaders prioritize strategies, they also validate the impact of controls.
Real-World Examples
Auditors had repeatedly flagged a specific gap with La Trobe Financial: the absence of MFA on high-risk protocols like RDP and SSH. But prior attempts to implement MFA on admin protocols and legacy systems had introduced latency, bugs, or errors severe enough to make the fix impractical.
ACT Commodities – a leading global provider of market-based sustainability solutions – uncovered the scale of exposure across its Azure Cloud environment the same way. Pen testers could access the environment and exfiltrate data within just five minutes, but reimplementing firewalls, adjusting configurations, and completing the other tasks necessary to protect servers proved too difficult.
Like many financial services organizations, diversified holding company B. Riley Financial saw the same security gaps surface in pen test results year after year but faced an impossible tradeoff: address persistent findings and disrupt key operations or live with known risks to maintain business as usual.
There were a lot of years of doing penetration testing and coming up with similar results. There was always a critical. There was always a high. There were always multiples. And we just couldn’t stop those from reoccurring; no matter what we did, those same things would just show up again – we thought we had it fixed and then we’d find out a year later that we still had that issue.”
- Aaron Goodwin, CISO, B. Riley Financial
The Solution: Closing Gaps by Default with Containment Architecture
La Trobe, ACT Commodities, and B. Riley all closed exploitable pathways before a pen test or audit could find them, rather than remediating findings one at a time after the fact – if at all. With Zero Networks, these financial services orgs implemented comprehensive microsegmentation and built containment into the network architecture via capabilities like:
- Network-layer MFA that extends authentication to high-risk protocols like RDP and SSH without touching the underlying legacy systems or introducing new points of failure.
- Least-privilege access enforced by default, closing the specific pathways that attackers – and therefore, pen testers – rely on, rather than depending on manual review to catch every gap.
- Continuous, automated policy enforcement generates audit-ready evidence as a byproduct of normal operation.
By closing gaps structurally rather than chasing them one finding at a time, security teams turn audits and pen tests from a source of stress to a validation exercise. For example, after implementing Zero Networks, La Trobe closed the exact MFA gap auditors had consistently flagged without breaking legacy systems; ACT Commodities' five-minute breach window closed entirely, with later pen tests revealing unwanted lateral movement was completely blocked and contained; and B. Riley finally received a penetration test report with no high alerts, closing out a cycle of findings that had persisted for years.
We had six findings in our penetration test, and every one of them would have been prevented or mitigated with Zero Networks. There’s not one other product we have that could have come close... Zero Networks is a cornerstone piece of security technology.
Chris Turek, Former CIO, Evercore
Containing Vulnerabilities Before Patching: Preemptive Security in the Frontier AI Era
Security teams have long faced an uphill battle keeping up with day-to-day vulnerability management. The issue has compounded in this age of frontier AI, where models like Mythos and Daybreak can find, analyze, and generate exploits for vulnerabilities at a speed and scale no human team can match.
For example, Mythos found over 10,000 previously unknown vulnerabilities in seven weeks, including bugs that had evaded automated detection for decades. The window between disclosure and exploitation has collapsed. Even if vendors release mountains of patches to mitigate this influx of discovered vulnerabilities, organizations face an impossible tradeoff: patch immediately and manage updates that contain thousands of fixes at a time, or wait and prioritize while accepting risk exposure.
Instead, financial institutions need a way to protect uptime before patches exist, or while validating that patches won’t cause unintended operational disruptions.
Real-World Examples
B. Riley Financial faced versions of the vulnerability exposure problem multiple times. In one case, a Microsoft Outlook vulnerability involving outbound SMB traffic left the firm exposed with no patch available from the vendor. Waiting for a fix meant leaving the exposure open.
The Solution: Structural Containment as a Buffer Against Unpatched Risk
With Zero Networks, B. Riley deployed a targeted rule blocking outbound SMB traffic from Outlook to the internet, closing the specific path the vulnerability relied on.
And critically, this is just one example of how a cyber resilient network architecture designed for containment protects financial institutions against vulnerabilities without patching. More broadly, automated, identity-driven microsegmentation buys security teams time to patch safely by:
- Closing unnecessary access paths by default, limiting what any unpatched vulnerability can reach, regardless of how it was discovered – or how quickly.
- Constraining privileged access to explicitly authorized identities, so admin protocols aren’t lateral movement highways.
- Scaling protection across the entire network, including OT and legacy systems that can’t always be patched on short notice – or at all.
Having microsegmentation in place has really given us a precautionary protection layer so we can delay applying some of these patches. This gives us plenty of time to test, make sure everything’s working, and then apply it, but still have that protection layer in place.
- Aaron Goodwin, CISO, B. Riley Financial
Cyber Resilience for Financial Services: Build a Self-Defending Architecture with Zero Networks
Legacy complexity, operational disruption risk, compliance pressure, and accelerating vulnerabilities are distinct challenges almost every financial institution faces, but they can all be solved with a single platform.
By delivering automated discovery across legacy and modern assets alike, a deterministic policy engine that builds and enforces rules from real traffic and identity behavior, agentless integration with existing infrastructure, and network-layer MFA for privileged access, Zero Networks enables financial services orgs to build a self-defending network architecture that proactively blocks attacks without disrupting the business.
See how Zero Networks makes cyber resilience practical for financial institutions – request a demo.

